Targeting Get-ACL to a specific domain controller

This topic is 5 years and 6 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

Post by Ashley-F »

Hi,

I have a script that creates various OUs, security groups, and GPOs and then ties them together by linking the GPOs and doing some access right delegation on the OUs and GPOs.

My problem is (I think) with AD replication.

I create a new OU using this command:

$NewOUDN = "OU=Security Groups,OU=Region,DC=domain,DC=com"
$FirstDNPart = $NewOUDN.Split(",")[0].substring(3)
$LastDNPart = $NewOUDN.Split(",",2)[1]
New-ADOrganizationalUnit -Name "$FirstDNPart" -Path "$LastDNPart" -ProtectedFromAccidentalDeletion $True -Server $TargetDC -Description "$NewOUDescription"

So far, so good. Then I want to configure some ACEs. That starts with getting the current ACL list, so I run:
$acl = Get-ACL -Path $NewOUDN

The $TargetDC variable will usually not be the same as the logon server my workstation is connected to, so 'usually' (<> always) I get this error message:
Get-ACL : Cannot find path 'OU=Security Groups, OU=Region,DC=domain,DC=com' because it does not exist.


Ideally I would use -Server $TargetDC with the Get-ACL cmdlet, but that switch is not supported.

How do I know which domain controller the Get-ACL cmdlet is using?
How can I make sure the Get-ACL cmdlet is using a specific domain controller?

Any help/suggestions are appreciated.

Thanks!
Ashley.

Post by jvierra »

"Get-Acl" is using the AD provider and you need to use the provider syntax. "AD:" is the drive created by the provider. It should stay in sync.

Get-Acl 'AD:\OU=Security Groups,OU=Region,DC=domain,DC=com'

The provider will select its own DC and not necessarily the one you are logging in with.
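
Added example, not part of either post above: one way to make Get-Acl read from the same domain controller the OU was created on is to map a second ActiveDirectory provider drive bound to that DC and go through it. The drive name TargetAD and the DC name dc01.domain.com are assumptions; the OU DN is the one from the question.

```powershell
Import-Module ActiveDirectory

# Assumed values: replace with the DC that New-ADOrganizationalUnit was pointed at.
$TargetDC  = 'dc01.domain.com'      # hypothetical DC name
$DriveName = 'TargetAD'             # hypothetical drive name
$NewOUDN   = 'OU=Security Groups,OU=Region,DC=domain,DC=com'

# Confirm the OU exists on the target DC before touching its ACL.
# This fails fast with a clear error instead of a provider "path not found".
$ou = Get-ADOrganizationalUnit -Identity $NewOUDN -Server $TargetDC -ErrorAction Stop

# Map a provider drive bound to that DC. -Server is a dynamic parameter
# that the ActiveDirectory provider adds to New-PSDrive.
if (-not (Get-PSDrive -Name $DriveName -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name $DriveName -PSProvider ActiveDirectory `
                -Root '//RootDSE/' -Server $TargetDC -ErrorAction Stop | Out-Null
}

try {
    # Read the ACL through the pinned drive rather than the default AD: drive,
    # which picks its own DC and may not have the new OU yet.
    $path = "${DriveName}:\$($ou.DistinguishedName)"
    $acl  = Get-Acl -Path $path

    # Review the current ACEs before delegating anything.
    $acl.Access |
        Select-Object IdentityReference, ActiveDirectoryRights,
                      AccessControlType, IsInherited |
        Format-Table -AutoSize

    # After adding rules to $acl, write back through the same drive so the
    # change lands on the same DC and replicates out from there:
    # Set-Acl -Path $path -AclObject $acl
}
finally {
    # Remove the temporary drive so later provider calls are not
    # silently pinned to this DC.
    Remove-PSDrive -Name $DriveName -ErrorAction SilentlyContinue
}
```

Keeping the create, Get-Acl and Set-Acl calls on one DC avoids depending on replication timing within the script; other DCs see the OU and its ACL once normal replication completes.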